MEDIUM
RobinHerbots
CVE published 2026-07-18
CVE-2026-16150
A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. The issue affects the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. This allows for improperly controlled modification of object prototype attributes. The attack may be performed remotely. The project was informed of the problem early through a [truncated]